- WebView
- ===
- WebView myWebView = (WebView) findViewById(R.id.webview);
- WebSettings webSettings = myWebView.getSettings();
- webSettings.setJavaScriptEnabled(true);
- https://content-security-policy.com/
- iOS App
- 1. apps run as the "mobile" user
- /Applications - pre-installed apps
- /var/mobile/Applications - downloaded apps
- iOS 8 - /var/mobile/Bundle/Applications
- iOS app directory structure
- 1. [app].app
- 2. Documents
- 3. Library
- 4. Library/Preferences
- 5. Library/Caches
- 6. tmp
- Once an iOS application is put in the background, iOS takes a snapshot of the current screen. To keep it from being readable by others, set the secure flag on the input field.
- binary file
- plutil - to read binary plist files
- tables that start with Z --> Core Data tables
- https://github.com/ptoomey3/Keychain-Dumper
- http://osxdaily.com/2016/03/10/convert-plist-file-xml-binary-mac-os-x-plutil/
- https://github.com/Chronic-Dev/libplist/blob/master/plutil/plutil.c
- https://androidtamer.com/tamer4-release
- http://iphonedevwiki.net/index.php/Cycript_Tricks
- https://www.hacksplaining.com
- https://www.cvedetails.com/
- https://www.first.org/cvss/calculator/3.0
- http://cwe.mitre.org/top25/
- https://www.sans.org/top25-software-errors
- https://www.owasp.org/images/b/bc/OWASP_Top_10_Proactive_Controls_V3.pdf
- https://www.owasp.org/index.php/OWASP_Proactive_Controls
- https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
- https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
- vm> tcpdump -w <filename>.pcap -s 0
- Desktop > strings ly.pcap | grep 'demo'
- iOS v9 - /var/mobile/Containers/Data/Application
- class-dump <binaryfile> > binaryfile.txt
- DRM protected.
- need to reverse engineer as below
- $ clutch <applicationname>
- $ unzip <path_applicationname>.ipa
- $ cd <appname>.app
- $ class-dump <filename>*
- $ ps aux | grep challenge5
- $ cycript -p <processId>
- in Objective-C language
- cy# UIApp.windows
- cy# UIApp.keyWindow.rootViewController.output.text='abc'
- UIApp.keyWindow.rootViewController
- /private/var/Keychain/keychain2-
- /usr/bin
- [UIApp.keyWindow.rootViewController loggedIn]
- [i for (i in *UIApp)]
- Tools = $ mobsf (pre-installed with tamer)
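
An added example (not part of the original notes): a Python sketch for reviewing what an app leaves in its data directory, using the layout listed above. It parses plist files with Python's plistlib in place of plutil and lists SQLite tables whose names start with Z. The keyword list, file names and sample values are constructed for illustration.

```python
import plistlib
import sqlite3
from pathlib import Path

SENSITIVE = ("password", "token", "secret", "pin")  # assumed keyword list

def scan_plist(path):
    """Sensitive-looking top-level keys of a binary or XML plist."""
    with open(path, "rb") as fh:
        data = plistlib.load(fh)  # auto-detects bplist00 vs XML
    if not isinstance(data, dict):
        return []
    return sorted(k for k in data if any(s in k.lower() for s in SENSITIVE))

def core_data_tables(path):
    """Tables whose names start with Z (GLOB is case-sensitive)."""
    con = sqlite3.connect(str(path))
    try:
        q = "SELECT name FROM sqlite_master WHERE type='table' AND name GLOB 'Z*'"
        return sorted(row[0] for row in con.execute(q))
    finally:
        con.close()

def audit_sandbox(root):
    """Walk a copied-out app data directory and collect findings."""
    root, findings = Path(root), {"plist": {}, "coredata": {}}
    scanners = (("plist", "*.plist", scan_plist),
                ("coredata", "*.sqlite", core_data_tables))
    for label, pattern, scan in scanners:
        for p in sorted(root.rglob(pattern)):
            try:
                hits = scan(p)
            except Exception:  # unreadable or malformed file: skip it
                continue
            if hits:
                findings[label][p.relative_to(root).as_posix()] = hits
    return findings

def build_sample(root):
    """Create a constructed sample sandbox (not real app data)."""
    docs, prefs = Path(root) / "Documents", Path(root) / "Library" / "Preferences"
    docs.mkdir(parents=True)
    prefs.mkdir(parents=True)
    with open(prefs / "com.example.demo.plist", "wb") as fh:
        plistlib.dump({"username": "alice", "authToken": "constructed"},
                      fh, fmt=plistlib.FMT_BINARY)
    con = sqlite3.connect(str(docs / "Model.sqlite"))
    con.executescript("CREATE TABLE ZUSER (ZPASSWORD TEXT);"
                      "CREATE TABLE Z_METADATA (Z_VERSION INTEGER);")
    con.close()
```

Call build_sample() on an empty directory and pass the same directory to audit_sandbox() to see the findings dictionary.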